AirGapNet · Physical network isolation
How it works

Physical separation, on command.

AirGapNet reduces risk by changing the default state of a service path: closed until approved work needs it, then closed again when the window ends.

Resting state: Disconnected

Active state: Time-limited access (access window open, auto-return armed)
Three-state protocol

Closed is the baseline.

The product is not another always-on software gate. It changes whether the path physically exists.

01

Default closed

Install in the service path

AirGapNet sits on the line that should not stay reachable between maintenance windows.

02

Controlled window

Open only for approved work

Access can be switched manually, by schedule, or by a controlled event over an independent channel.

03

Exposure removed

Return to a physical break

When the window ends, the protected path returns to a mechanically disconnected state.


By default the line is physically open, meaning the circuit is broken and neither side is electrically reachable. The break is hardware, not a firewall rule.

Control loop

Request, connect, expire.

Every access window follows the same three-step lifecycle. The path is created on demand, lives only as long as the work needs it, and is mechanically removed when the window closes.

Step 1

Request

Approver opens a scheduled window over the independent control channel.

Step 2

Connect

AGN1 closes the relay only for the approved window — traffic flows.

Step 3

Expire

Window ends. The relay opens. The path returns to a mechanical break.

Triggers for step 01

Three ways to start a window.

  • 01 · Manual

    For on-site teams that want direct command over every connection window.

  • 02 · Scheduled

    For recurring patch, backup, update, and vendor support routines.

  • 03 · Event-based

    For workflows that open a path only after a verified operational signal.

Online when needed

The service path exists for the job, then disappears from the network surface.

Independent control

A separate control path avoids depending on the route being isolated.

Stack compatible

AirGapNet complements firewalls, EDR, VPNs, segmentation, and operator training.

Control channel

Open the path from your phone.

Every AirGapNet device is controlled over an independent GSM channel — not over the network it protects. The app or an SMS code opens a path for a defined window; when the window ends, the path returns to a mechanical break.

  • Phone-number whitelisting

    Only approved numbers can send control codes. Two-factor on the device.

  • Time-boxed windows

    Every open command carries an expiry. Auto-close runs locally on the unit.

  • Off-network control

    The control path doesn't depend on the production LAN being reachable.

[App screenshot: unit "AGN1 · vendor-access-02" shown as OPEN, window opened 12:34, ends in 12m with auto-close. Actions: Open path, Schedule, Close all. Recent activity: 12:34 Window opened · approved by ops; 11:22 Schedule armed · 02:00 UTC; Yesterday Window auto-closed · 28m; Yesterday Vendor session ended · ok. Tabs: Fleet, Audit, Settings.]

Use cases

Six paths. One break.

Internet isolation

Take a server off the public internet between active sessions. The line returns only for approved windows — backups, updates, vendor jobs.

  • SMB
  • Manufacturing

Server configuration windows

Open admin access to a server during a scheduled maintenance slot. The path closes automatically when the window ends.

  • All segments

Backup isolation

Backup targets stay disconnected from the production network and only open when the backup job runs. Ransomware cannot follow what is not connected.

  • All segments

Immutable backup vaults

Pair AGN1 with an air-gapped backup target so the vault is reachable only on explicit, time-limited writes. Combine with WORM storage for true immutability.

  • Finance
  • Healthcare
  • Regulated

PoE device control

Disconnect cameras, sensors, displays, or kiosks from the network when they aren't actively in use. Reduces the lateral-movement surface from edge devices.

  • Retail
  • Hospitality
  • Industrial

Vendor maintenance windows

External technicians get scoped access to one device during a defined window. No on-site escort, no entire-network exposure.

  • Manufacturing
  • Healthcare
  • MSP

Ready to see the device?

Three SKUs, one default state.
